
Erikwynter

#29337 of 53,632
8.8 Total CVSS
Vulnerabilities · 1
PT-2020-16680
8.8
2020-11-05
Horizontcms · Horizontcms · CVE-2020-27387
**Name of the Vulnerable Software and Affected Versions**

HorizontCMS versions prior to 1.0.0-beta (patched, but the version number remains the same).

**Description**

The issue allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code. This is achieved by uploading a PHP payload, renaming it using the FileManager's rename function to give the payload the PHP extension, and then executing the PHP file via an HTTP GET request to "/storage/<php file name>".

**Recommendations**

For HorizontCMS version 1.0.0-beta, update to the patched version of 1.0.0-beta to resolve the issue. As a temporary workaround, consider restricting access to the FileManager and disabling the rename function to minimize the risk of exploitation. Avoid using the FileManager to upload files with executable extensions until the issue is resolved.